Seems quite difficult to create a wrapper. policykit-1 / pkexec is used a lot and quite complex package. Provides a lot binaries.
apt-file list policykit-1
policykit-1: /etc/pam.d/polkit-1
policykit-1: /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
policykit-1: /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf
policykit-1: /etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf
policykit-1: /lib/systemd/system/polkit.service
policykit-1: /usr/bin/pkaction
policykit-1: /usr/bin/pkcheck
policykit-1: /usr/bin/pkexec
policykit-1: /usr/bin/pkttyagent
policykit-1: /usr/lib/policykit-1/polkit-agent-helper-1
policykit-1: /usr/lib/policykit-1/polkitd
policykit-1: /usr/lib/x86_64-linux-gnu/polkit-1/extensions/libnullbackend.so
policykit-1: /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service
policykit-1: /usr/share/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/usr/share/polkit-1/actions/org.xfce.thunar.policy
How would I test functionality Run Thunar as root? That’s functionality I haven’t discovered yet.
I.e. policykit policy files that don’t contain a /path/to/binary. I’ve read “policykit helps to run an application as non-root while allowing the application to run only these parts as root which require that”.
How would I test the functionality of ktexteditor-data: /usr/share/polkit-1/actions/org.kde.ktexteditor.katetextbuffer.policy?
I am considering to revert hidepid. Any alternative? @madaidan
- Can you make policykit compatible with hidepid upstream?
- Can you make above functionality work and improve pkexec wrapper?
- Any other solution reaching the same goal (similar hidepid) that does not break pkexec? Perhaps using namespaces or something?